curriculum vitae – ross andersonrja14/papers/cv.pdf · curriculum vitae – ross anderson i am...
TRANSCRIPT
Curriculum Vitae – Ross Anderson
I am Professor of Security Engineering at the Computer Laboratory at CambridgeUniversity, and a Fellow of Churchill College. Security Engineering is about buildingsystems to remain dependable in the face of malice, error or mischance. As a discipline,it focuses on the tools, processes and methods needed to design, implement and testcomplete systems, and to adapt existing systems as their environment evolves.
The focus of my work in academia has been building security engineering into adiscipline. Twenty-five years ago, some tractable parts of it – cryptography, proto-cols and operating system security – had well-developed theory, but the experts mostlydidn’t talk to each other. Other aspects, such as software security, were a practitioners’art, while yet other aspects such as hardware security were just black magic.
Over the last quarter century I’ve started research programs in neglected areas,ranging from hardware security to the uses of signal processing. I’ve worked on in-teresting new applications from ATMs through digital tachographs to online medicalrecords, which have failure modes from which engineers can learn. I’ve developedsecurity economics as a discipline: very often systems fail not because of some tech-nical mistake but because of misaligned incentives. For example, the people guardinga system are often not the people who suffer when it fails. This work is now spreadinginto the behavioural economics and psychology of security. I wrote a book, ‘Secu-rity Engineering – A Guide to Building Dependable Distributed Systems’ [88, 157],which is now the standard reference. Along the way I’ve contributed to the design of anumber of widely-deployed systems, from peer-to-peer systems through the STS spec-ification for prepayment utility meters (with 400 million installed) to the HomePlugstandard for power-line communications (widely used to extend wifi). This work hasbeen recognised by the Lovelace Medal, the UK’s top award in computing.
Security engineering is now merging with safety engineering, and is becoming es-sential to the next generation of cars, medical devices, railway signals and much else.And as we start doing regular security patches for durable goods, security will becomea larger part of the total lifecycle cost; Mercedes can’t just refuse to patch the prod-ucts they sold five years ago the way that Google or Microsoft can. And as crime hasmoved online, and AI takes more and more decisions that matter to us, security is mov-ing steadily up the political agenda – along with privacy, surveillance and competitionpolicy.
Although I’m on sabbatical for 2019, my regular duties include teaching securityand software engineering, and graduate courses in security. I am also the PrincipalInvestigator of the Cambridge Cybercrime Centre which collects and curates data onspam, phish, malware and other online wickedness for use by researchers worldwide.
Ross Anderson FRS FREngJanuary 2019
1
1 Research
1.1 Economics and security
If Alice guards a system but Bob pays the cost of failure, you can expect trouble. Thisobservation led me to work on establishing security economics as an academic disci-pline. We now know that many real problems can be best explained using the languageof microeconomics: network externalities, asymmetric information, moral hazard, ad-verse selection, liability games and the tragedy of the commons. Although I did someearly work in 1993-4 [10, 12], the field took off since I wrote about it in 2001, in apaper [90] and in my textbook [88]. Further papers followed [94, 101, 103, 105, 106];for surveys, see [134, 145, 171] and [188]. My most important recent work may havebeen major studies for the European Commission of the security economics of cyber-crime [154, 160], the resilience of the Internet [187] and what happens to safety regu-lation once there’s software in everything [245, 246]; and a major study of the costs ofcybercrime that was originally commissioned by the UK Ministry of Defence [196]. Ihave other papers on online crime [176], attitudes to online crime [216], the securityeconomics of critical national infrastructure [170, 175] and surveillance [215], and theways in which financial regulators are missing the risks with bitcoin [255]. I’m Princi-pal Investigator for the Cambridge Cybercrime Centre, which collects large quantitiesof data on maleware, spam, phish and other online bad things as raw material for re-searchers doing econometric and criminological work; two dozen researchers in tenuniversities across six countries now work with our data. A new topic is the engineer-ing and incentives necessary to maintain the software in durable safety-critical goodslike cars and medical devices [245, 246, 250]. This in turn has led to work on more sus-tainable toolchains [252]. Another long-term project is to grow security economics outthrough behavioural economics into psychology [179, 188, 192, 193, 210, 216, 217,219, 220, 228, 230, 234, 253].
1.2 Peer-to-Peer systems and networks
Since 2000, there has been an explosion of interest in peer-to-peer networking – build-ing useful systems out of intermittently connected machines, with virtual infrastruc-tures tailored to the application. I wrote one of the seminal papers, on The EternityService [35]. My ideas were taken up by Freenet, Gnutella, Publius, Kazaa and others.We also developed mechanisms for authenticating distributed content using hash treesand chains [58, 62]. Further papers include [70, 71, 76, 82, 84, 105, 106, 108, 121, 228].I designed the key-management protocols for HomePlug, now deployed in millions ofconsumer electronic devices [128, 138]. We also looked at social networks wherewe’ve discovered all sorts of privacy problems [161, 168].
In a related thread of work, we found that the topology of insurgent networksshapes, and is shaped by, strategies of attack and defence; our models can explainwhy insurgents form cells, and the circumstances under which suicide attacks are ra-tional strategy. This led us to develop a number of metrics and other analysis techiquesfor both static and dynamic networks [118, 121, 144, 155, 148, 202, 190, 191, 206].
2
1.3 What goes wrong with real systems
Engineers learn much more from the bridge that falls down than from the hundred thatremain standing. I applied this principle to computer security by studying the fail-ure modes of a number of important distributed systems including ATM and bankcard systems [10, 12, 17, 113, 120, 142, 125, 139, 143, 153, 159, 165, 177, 180,181, 192, 195, 201, 202, 212, 218, 224, 230, 231, 236], prepayment electricity me-ters [18, 30], medical record systems [23, 29, 61, 68, 69, 129, 136, 151, 221] and dig-ital tachographs [56]. This work follows our laboratory’s maxim that ‘good researchcomes from real problems’. It has led to a number of papers in which I try to distilthe essence of good security design [6, 14, 16, 21, 25, 31, 36, 47]. One high-impactpiece of work led to the cancellation of badly-designed databases intended to supportchild protection [135]; another was an investigation into how Chinese agents compro-mised the Dalai Lama’s office computers [167]; another tackled smart grids and smartmeters [170, 175, 182, 184, 203]. Recently we’ve been looking at security vulnera-bilities in mobile phones [209, 225, 226, 233], at ways of extending mobile paymentsoffline [232, 244], and at protecting data about wildlife from poachers [256]. Our mostrecent topic is adversarial machine learning [257, 259, 261].
1.4 Cryptographic protocols and APIs
Many of the most interesting technical attacks on security systems fall under the gen-eral heading of protocol failure. This includes design flaws in which the wrong thingsare encrypted, or the right things are encrypted in the wrong way; such flaws are com-mon in practice but rather hard to spot. Over the years I have discovered many protocolattacks [5, 14, 21, 33, 40, 41, 43]. I was the first to use formal methods to verify thecrypto protocols underlying a real banking system [6, 16, 45]. I have also designed anumber of protocols [13, 28, 46, 58, 62, 70, 93, 232], was one of the inventors of micro-payments [28], and of the idea of making files sufficiently invisible that their existencecan be plausibly denied even in the face of compulsion (the ‘Steganographic File Sys-tem’ [52]). I’ve also worked on protocols in industrial control systems [183, 184], theinteraction between protocols and economics [115, 186], with psychology [179, 192]and the effects on innovation [178, 185, 186, 187, 242].
Perhaps my biggest innovation was API attacks, which extend protocol analysisto the application programming interfaces of cryptographic processors. These devicestypically have from dozens of transactions that can be performed using internally pro-tected keys; most of the devices we’ve looked at could be broken by issuing a suitablychosen sequence of transactions. I initiated this field of research with [80]; further pa-pers can be found at [89, 102, 142, 125, 126] and a survey at [122]. Our work forcedmany manufacturers to redesign products.
1.5 Hardware reverse engineering
In 1996, we demolished a popular belief in the tamper-resistance of smartcards: ourinitial paper on attack techniques [37] opened up the field. Later work on this topic can
3
be found in [41, 122], while in [95, 97] we opened up the new field of semi-invasivesemiconductor testing in which laser probing is used to induce revealing faults in semi-conductors and to read out memory contents by inducing photocurrents – enabling usto bypass the circuits supplied by the chip vendor for that purpose. We investigatedwhether we could make CPUs much less vulnerable using self-timed dual-rail logicwith inbuilt alarm circuitry [86, 92, 98] (you can but it’s too fragile to commonly usedfabrication toolchains). We’ve shown that the supposed tamper-resistance of commonPIN Entry Devices is unsatisfactory [153, 201]. We’ve also shown that you can recastdecompilation as a search problem [208], which facilitates the analysis of large mal-ware families that differ from each other by small tweaks. We’re now applying thisknow-how to the many versions of IoT botnets and to firmware recovered by my post-docs Sergei Skorobogatov and Franck Courbon from chips using a scanning electronmicroscope.
1.6 Analysis and design of ciphers
Breaking ciphers was my introduction to information security in the mid-1980’s whenI found a number of attacks on the stream ciphers then in use [3, 4] and proposedimproved versions [1]. I returned to the subject again in the early 1990s [7, 15, 19];this, plus some work on hash functions [11, 26] led me to find ways to construct blockciphers from hash functions and stream ciphers [27]. My big project was ‘Serpent’, ablock cipher which was a finalist in the Advanced Encryption Standard contest [54, 59,60]. The winner, Rijndael, got 87 votes at the final AES conference while Serpent with59 votes was second.
1.7 Signal processing and security
In the late 1990s, I spent some time applying signal processing ideas to computersecurity. The most novel development was ‘Soft Tempest’. It had previously beenbelieved that Tempest protection (preventing opponents from reconstructing informa-tion from stray RF emanations from computers) necessarily involved hardware tech-niques such as metal shielding. We showed that substantial protection can be givenusing software [51, 75]. We also got interested in digital copyright watermarking in1995 and within a few years we broke essentially all the existing copyright markingschemes [50]. The ‘Stirmark’ software we wrote became the industry standard fortesting marking systems [72] (see also [32, 42, 49, 55], and our survey paper [73]).
1.8 Odds and ends
The main lesson learned from studying real security systems was that most real lifefailures resulted from the opportunistic exploitation of bugs and blunders. This moti-vated the study of design assurance. My first paper on the subject provided a rigorousexplanation, under quite general assumptions, of why the growth in reliability of largesystems in response to testing is often as poor as can possibly be: a software engineer’s
4
version of ‘Murphy’s Law’ [74]; this means that testing should be parallelised as muchas possible. I conducted an experiment which shows that the same applies in large partto requirements engineering [77]. The most controversial result is a proof that, understandard assumptions, open source and proprietary systems are security equivalent – inthe sense that opening up the design helps the attacker and the defender to exactly thesame extent [96].
Like many cryptographers, I am a sceptic about quantum computing and quantumcryptography, which have failed to deliver the goods despite enormous funding. Manyof the claims made on behalf of future quantum systems hinge on a particular inter-pretation of the Bell tests; I have been working with a physicist colleague to show thatthis is not the only one [204, 207, 211, 222]. Our work raises hard questions about thesecurity proofs offered for quantum cryptosystems based on entanglement.
1.9 Policy
With the Snowden revelations, the world of information security has lost its innocence,as physics did in 1945. But this was just the latest incident in a long process, as states,citizens, businesses and spooks have tussled for control in cyberspace. The 1990s sawthe ‘Crypto wars’. The Clinton government claimed that they needed to control cryp-tography; I was an author of the most influential and widely cited paper rebutting thisclaim [44]. I was also the first to point out that it was not a straight fight between cryptoand state surveillance, as most privacy compromises come from the abuse of authorisedaccess and most of the rest from metadata [22] (for further writings on crypto policy,see [43, 48, 53, 65, 87, 130, 131, 132, 133, 140, 172, 173]). In 2014, crypto controlswere brought back on the agenda by UK Prime Minister David Cameron and FBI Di-rector James Comey; we updated our classic paper to demonstrate that the argumentsagainst government-mandated exceptional access to systems are as strong as ever [229].
In 1998, I was one of the founders of the Foundation for Information Policy Re-search, a think-tank. We secured amendments to various laws including the RIP Actand the Export Control Act in the UK and the IPR Enforcement Directive in Brussels.
The FAQ I wrote on‘Trusted Computing’ [100, 101] together with my economicanalysis [103] helped kill the project. I coauthored a copyright policy document adoptedby many European NGOs [110] wrote many other NGO submissions on policy [130,131, 132, 133, 140, 141, 150, 152, 172, 173, 197, 198, 198]. I was on the UK Govern-ment Chief Scientific Adviser’s Blackett Review of Cyber Security, which led in 2011to an extra £640m being spent on cyber security over the period 2011–5. I was one ofthe authors of the Nuffield Bioethics Council’s recent report on biodata [221].
Other high-impact policy works include a report commissioned by the Chief Scien-tific Adviser at the Ministry of Defence on the costs of cybercrime [196]; a report forthe Information Commissioner on children’s databases [135]; a report published by theJoseph Rowntree Reform Trust entitled ‘Database State’ on the safety, privacy and le-gality of large UK public-sector databases [166]; a study of the security economics andpolicy options in cybercrime [154]; and a study of the resilience of the Internet [187].The ‘Database State’ report was adopted by both Conservative and Liberal Democrat
5
parties before the 2010 election, which they won – leading to the abandonment of theContactPoint and eCAF children’s databases.
The hot topic since 2017 is our report on what happens to safety regulation in aworld full of Internet-connected things [245, 246, 250]. I’ve also worked on tracingstolen bitcoin237,240,246 and what our tracing tools tell us about the failures of finan-cial regulation.
1.10 Research mentoring and management
I am currently supervising three research students (Alexander Vetterl, Mansoor Ahmedand Ilia Shumailov). I have six postdocs (Richard Clayton, Franck Courbon, SergeiSkorobogatov, Daniel Thomas, Ben Collier and Maria Bada) with two more startingthis term. Four former students are full professors (George Danezis at UCL, FrankStajano at Cambridge, Jeff Yan at Linnköping and Feng Hao at Warwick); two formerstudents lecture here (Markus Kuhn, and Robert Watson) along with one former post-doc (Alice Hutchings); while Shishir Nagaraja teaches at Strathclyde, Steven Murdochat UCL, Tyler Moore at Tulsa, Harry Manifavas in Dubai, Hyoungshick Kim in Ko-rea and Susan Pancho in the Phillipines. Twenty-nine of my former research studentshave earned PhDs (Jong-Hyeon Lee, Fabien Petitcolas, Frank Stajano, Harry Mani-favas, Markus Kuhn, Ulrich Lang, Jianxin Yan, Susan Pancho, Mike Bond, GeorgeDanezis, Sergei Skorobogatov, Hyun-Jin Choi, Richard Clayton, Jolyon Clulow, FengHao, Andy Ozment, Tyler Moore, Shishir Nagaraja, Robert Watson, HyoungshickKim, Shailendra Fuloria, Joe Bonneau, Wei-Ming Khoo, Rubin Xu, Kumar Sharad,Laurent Simon, Dongting Yu, Sheharbano Khattak and Khaled Baqer).
I have started four conference series (Fast Software Encryption in 1993 [9], Infor-mation Hiding [38] in 1996, the Workshop on Economics and Information Security in2002 and the Workshop on Security and Human Behaviour in 2008), as well as onejournal (Computer and Communications Security Reviews). I helped Sophie van derZee start Decepticon.
Current direct research funding sources include Thales, EPSRC and the BoschFoundation.
Consultancy clients over the last twenty years include Infosys, RealVNC, Alcatel-Lucent, Qualcomm, Samsung, Actel, Securicor, Lehman Brothers, Kudelski, Mat-sushita, Microsoft, Intel, VISA, the UK Department of Transport, the British and Ice-landic Medical Associations, the Government of Singapore and the Electricity SupplyCommission of South Africa. Many of these assignments led to research papers.
2 Teaching and other activities
My teaching responsibilities cover those areas of the curriculum which have to do withthe dependability of computer systems. I’m on sabbatical in 2019; my lecture coursesin 2017–8 were in software and security engineering (for part Ia), economics, law andethics (for part Ib), and security (two courses for the MPhil).
6
I was elected to Council – the University’s governing body – for 2003–2006, 2007–10, and 2015–18.
3 Work history
1992–present: Cambridge University Computer Laboratory. Professor of SecurityEngineering since October 2003; Reader in Security Engineering 2000–3; UniversityLecturer 1995-2000; Senior Research Associate 1995; research student 1992–4.2011: Visiting scientist, Google; visiting professor, CMU1984–1991: Self employed consultant working mostly in projects related to computersecurity. The project which had the greatest impact was probably the design of proto-cols for a smartcard payment system [45].1981–83: worked on multilingual typesetting1979–80: gap-year travel in Europe, Africa, and the Middle East1974–5: worked for Ferranti as a development engineer on inertial navigation
4 Education, qualifications and awards
2016: Lovelace medal (the top UK award in computing)2016: Electronic Frontier Foundation Pioneer Award2015: ACM SIGSAC Outstanding Innovation Award2012: Louis D. Brandeis Privacy Award2009: Fellow, Royal Society2009: Fellow, Royal Academy of Engineering2009: Fellow, Institute of Physics2000: Fellow, IEE (now IET)1995: PhD, University of Cambridge1994: Member, IEE; Chartered Engineer1993: Fellow, IMA; Chartered Mathematician1987: Member, Institute of Bankers (lapsed)1974–8: BA, Trinity College, Cambridge; part II Mathematics, part II History andPhilosophy of Science (converted to MA, 1982)1976: CEI part II in computer engineering; AMIEE1973: Higher grade maths, physics, chemistry, biology, geography, english, french,german, latin; High School of Glasgow
7
5 Appointments and editorships
Foundation for Information Policy Research, Chair, since 1998; http://www.fipr.org
Chair: Workshop on Security and Human Behaviour 2008–2010 and 2013–4 and2017; Security of Internet of Things 2012 (program co-chair); Workshop on Economicsand Information Security, 2002 and 2006; Computer Security Applications Conference(European Co-Chair), 2000 and 2001; Eurocrypt 99 (rump session); Scrambling forSafety, 1998; Workshop on Personal Information, Isaac Newton Institute, Cambridge,June 1996 [38]; Workshop on Information Hiding, Isaac Newton Institute, Cambridge,May-June 1996 [39]; Workshop on Fast Software Encryption, Cambridge, December1993 [9]Program Committee Member: Workshop on Economics and Information Security,2002–19; SHB 2008–19; Financial Cryptography 2009–2019; GameSec 2012–6; De-cepticon 2015; WISCS 2015; ACM CCS 2014; USEC 2014; SOUPS 2006, 2011 and2013; NDSS 2012; Laser 2012; Information Hiding 1996–2012; FOCI 2011; ACMElectronic Commerce 2000, 2004, 2006 and 2010; Oakland (IEEE Computer SocietySymposium on Security and Privacy), 1994–5, 2002 and 2009; ESORICS 2002, 2005and 2007; ESCAR 2005–7; USEC 2007; Workshop on the Economics of Securing theInformation Infrastructure 2006; CHES 2001, 2003 and 2005; SIGCOMM 2003; FastSoftware Encryption 1993–2007; IPTPWS 2002; RSA 2001; ACISP 2001; Asiacrypt1996 and 2000; ICICS 99; EICAR 99; Usenix Electronic Commerce 96–8; Mednet 97;Crypto 95; Cryptography Policy and Algorithms 95; Cardis 94.World Economic Forum: Member, Global Agenda Council on the Future of the In-ternet (2008–2012)Visiting Professor: CMU Cylab; 2011; Rukmini Gopalakrishnan Chair, India Insti-tute of Science, 2009; UC Berkeley, 2001–2; MIT, 2002; Queensland University ofTechnology, July 1995Distinguished / Keynote / Invited Speaker: Usenix Security 2018; Information Hid-ing 2018; CCS Asia 2017; ACM CCS 2016; Royal Institute of Navigation 2016; EISIC2015; Information Security for the Public Sector, Stockholm 2015; Crossing 2015;eHelse 2015; Sackler Forum 2014; Black Hat 2014; Cathie Marsh Lecture, Royal Sta-tistical Society, 2014; Annual Privacy Lecture, Berkeley Law School 2014; Finan-cial Crypto 2014; ESSoS 2014; DIVMA 2014; Technion 2013; NADPO 2013; EST2013; USEC/WESCSR 2012; ACSAC 2012; Amsterdam Privacy Conference 2012;Obradoiro de Criptografia, Privacidade e seguridade 2012; Payment Systems Eco-nomics 2012; Indocrypt 2011; Govcert 2011; ESORICS 2011; AusCERT 2011; CMUCylab 2011; DHS/SRI ITTC 2011; OII 2011; Visions of Computer Science (launch ofthe Academy of Computer Science), Edinburgh 2010; Plenary lecture, Federal ReserveConference on the Economics of Payments, 2010; IET Prestige Lecture, 2010; Cente-nary lecture, India Institute of Science, Bangalore, 2009; OWASP 2009; De MontfortSTRL Annual Distinguished Seminar 2009; Wisec 2009; UK Unix User Group 2009;International Symposium on Resilient Control Systems 2009; SCADA Security Sci-entific Symposium 2009; ITU Telecom World 2009; SOUPS 2008; DEON’08; All
8
Hands e-Science Conference 2008; TTeC (Tromso Telemedicine and e-Health Confer-ence) 2008; Gartner IT Security Summit 2008; Crypto 2007; IFIP SEC 2007; FederalReserve Santa Fe Conference 2007; IDC Security Conference 2007; Softint 2007; Uni-versity of Edinburgh 2006; Science, Technology and Society 2006; EMIS NUG 2006;Networkshop 2006; University of Washington 2005; ISSE 2005; Science and Society2005; Body Sensor Networks 2005; 3rd DRM Conference, 2005; IST 2004; Wizards ofOS 2004; NITES 2004; Principles of Distributed Computing, 2003; J. Barkley RosserMemorial Lecture, University of Wisconsin, 2002; IFIP 2002; Economics of OpenSource Software, 2002; Symposium on Operating System Principles, 2001; CHES2001; MIT Distinguished Lecture Series, 2000; Carnegie Mellon University, 1999;Applications Security, 1999; Symposium für Datenschutz und Datensicherheit, 1998;ACM Conference on Computer and Communications Security, 1997; Royal DutchMedical Association, 1997; HealthCare 96; Securicom 1995; and the CryptographyPolicy and Algorithms Conference, Brisbane, 1995. Invited seminar talks include ETHZürich and the Universities of Michigan, Frankfurt, Århus, Twente, York and Newcas-tle; the National Physical Laboratory; the Centrum voor Wiskunde en Informatik, Am-sterdam; SRI, California; Microsoft Inc., Seattle; Dansk Dataforening, Copenhagen;and the Ecole Normale Supérieure, Paris.Royal Society Committees: sectional committee 4, 2012–5House of Commons: Special adviser to the Health Committee Inquiry into the Elec-tronic Patient Record, 2007Isaac Newton Institute: Principal Organiser, research programme on Computer Se-curity, Cryptology and Coding Theory, January – June 1996Computer and Communications Security Reviews, Editor-in-Chief, 1998-9; Editor,1992-98. I founded this in 1992 and sold it in 1998
References
[1] “Fast cryptogenerator” (with K Lockstone), UK patent application no. 8606842, March1986
[2] “Building a Mainframe Security Module”, in Proc. Infosec 89, pp 75–87
[3] “Solving a Class of Stream Ciphers”, in Cryptologia vol XIV no 3 (July 1990) pp 285–288
[4] “Tree Functions and Cipher Systems”, in Cryptologia vol XV no 3 (July 1991) pp 194–202
[5] “An Attack on Server Assisted Authentication Protocols” in Electronics Letters vol 28 (16July 1992) p 1473
[6] “UEPS – a Second Generation Electronic Wallet” in Computer Security – ESORICS 92,Springer LNCS vol 648 pp 411–418
[7] “Fast Attack on Certain Stream Ciphers”, Electronics Letters vol 29 (22 July 93) pp 1322–1323
[8] “A practical RSA trapdoor”, in Electronics Letters vol 29 no 11 (1993) p 995
9
[9] ‘Fast Software Encryption’ Springer LNCS vol 809, 1993 (editor)
[10] “Why Cryptosystems Fail”, in Proceedings of 1993 ACM Conference on Cryptology andComputer Security pp 215–227
[11] “The Classification of Hash Functions”, in Codes and Cyphers – Cryptography and Coding4 (Proceedings of IMA Conference on Cryptography and Coding, Cirencester 93), ed. PFarrell (IMA, 1995) pp 83–93
[12] “Why Cryptosystems Fail” in Communications of the ACM vol 37 no 11 (November 1994)pp 32–40
[13] “Fortifying key negotiation schemes with poorly chosen passwords” (with TMA Lomas),in Electronics Letters vol 30 (23 June 1994) pp 1040–1041
[14] “Robustness principles for public key protocols” (with RM Needham), in Advances inCryptology – Crypto 95 Springer LNCS vol 963 pp 236–247
[15] “Searching for the Optimum Correlation Attack”, in ‘Fast Software Encryption’ (1994),Springer LNCS vol 1008 pp 137–143
[16] “Making Smartcard Systems Robust”, in Proceedings of Cardis 94 (Lille, October 1994)pp 1–14
[17] “Liability and Computer Security – Nine Principles”, in Computer Security – ESORICS94, Springer LNCS vol 875 pp 231–245
[18] “Cryptographic Credit Control in Prepayment Metering Systems” (with SJ Bezuidenhout),in Proceedings of the 1995 IEEE Symposium on Security and Privacy pp 15–23
[19] “On Fibonacci Keystream Generators”, in ‘Fast Software Encryption’ (1994), SpringerLNCS vol 1008 pp 346–352
[20] ‘Robust Computer Security’, PhD Thesis, University of Cambridge
[21] “Programming Satan’s Computer” (with RM Needham) in ‘Computer Science Today’,commemorative issue of Springer Lecture Notes in Computer Science (vol 1000, 1995)pp 426–441
[22] “Crypto in Europe – Markets, Law and Policy”, in Cryptography: Policy and Algorithms(1995), Springer LNCS vol 1029 pp 75–89
[23] “NHS-wide networking and patient confidentiality”, in British Medical Journal vol 311 no6996 (1 July 1995) pp 5–6
[24] “Clinical System Security – Interim Guidelines”, in British Medical Journal vol 312 no7023 (13th January 1996) pp 109–111
[25] ‘Security in Clinical Information Systems’, published by the BMA (11th January 1996)
[26] “Tiger: A Fast New Hash Function”, (with E Biham) in ‘Fast Software Encryption’ (1996),Springer LNCS vol 1039 pp 89–97
[27] “Two Practical and Provably Secure Block Ciphers: BEAR and LION”, (with E Biham) in‘Fast Software Encryption’ (1996), Springer LNCS vol 1039 pp 113–120
10
[28] “NetCard - A Practical Electronic Cash Scheme” (with C Manifavas and C Sutherland), inSecurity Protocols (1996), Springer LNCS vol 1189 pp 49–57
[29] “Patient Confidentiality – At Risk from NHS Wide Networking”, in Proceedings ofHealthCare 96
[30] “On the Reliability of Electronic Payment Systems”, (with SJ Beduidenhoudt) in IEEETransactions on Software Engineering vol 22 no 5 (May 1996) pp 294–301
[31] “A Security Policy Model for Clinical Information Systems”, in Proceedings of the 1996IEEE Symposium on Security and Privacy pp 30–43
[32] “Stretching the Limits of Steganography”, in Information Hiding – First InternationalWorkshop (Cambridge, May/June 96), Springer LNCS vol 1174 pp 39–47
[33] “The Newton Channel” (with S Vaudenay, B Preneel and K Nyberg), in Information Hid-ing – First International Workshop (Cambridge, May/June 96), Springer LNCS vol 1174pp 151–156
[34] “The design of future pre-payment systems” (with SJ Bezuidenhout, N Pattinson and DTaylor), in Proceedings of 8th IEE Metering and Tariffs for Electricity Supply (MATES),Brighton, 3–5 July 1996; IEE Conference Publication No. 426 (ISSN 0537-9989) pp 119–123
[35] “The Eternity Service”, in Proceedings of Pragocrypt 96 (GC UCMP, ISBN 80-01-01502-5) pp 242–252
[36] “An Update on the BMA Security Policy”, in ‘Personal Medical Information – Security,Engineering and Ethics’ ([40] below) pp 233–250
[37] “Tamper Resistance – a Cautionary Note” (with MG Kuhn), in Proceedings of the SecondUsenix Workshop on Electronic Commerce (Nov 96) pp 1–11 best paper award
[38] ‘Information Hiding – First International Workshop’, May 30 – June 1 1996; sponsored bythe Isaac Newton Institute; proceedings published by Springer as LNCS vol 1174 (editor)
[39] ‘Personal Medical Information – Security, Engineering and Ethics’, June 21–22 1996;sponsored by the BMA and the Isaac Newton Institute; proceedings published by Springerin July 1997 as ISBN 3-540-63244-1 (editor)
[40] “Minding your p’s and q’s” (with S Vaudenay) in Advances in Cryptology – Asiacrypt 96,Springer LNCS vol 1163 pp 26–35
[41] “Low Cost Attacks on Tamper Resistant Devices” (with MG Kuhn) in Security Protocols– Proceedings of the 5th International Workshop (1997) Springer LNCS vol 1361 pp 125–136
[42] “Chameleon – A New Kind of Stream Cipher” (with C Manifavas) in ‘Fast Software En-cryption’ (1997), Springer LNCS v 1267 pp 107–113
[43] “The GCHQ Protocol and Its Problems” (with MR Roe) in Advances in Cryptology –Eurocrypt 97 Springer LNCS vol 1233 pp 134–148
11
[44] “The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption” (with HAbelson, SM Bellovin, J Benaloh, M Blaze, W Diffie, J Gilmore, PG Neumann, RL Rivest,JI Schiller, B Schneier) in World Wide Web Journal v 2 no 3 (Summer 1997) pp 241–257;submitted as testimony to the US senate and to House of Commons Trade and IndustrySelect Committee
[45] “The Formal Verification of a Payment System”, chapter in Industrial Strength FormalMethods, edited by Mike Hinchey and Jonathan Bowen, Academic Press 1999 ISBN: 1-85233-640-4, pp 43-52
[46] “Secure Books: Protecting the Distribution of Knowledge” (with V Matyas, F Petitco-las, I Buchan and R Hanka), in Security Protocols – Proceedings of the 5th InternationalWorkshop (1997), Springer LNCS vol 1361 pp 1–11
[47] “Eine klare Sicherheitspolitik für klinische Informationssysteme” (with A von Heydwolff),in Datenschutz und Datensicherheit vol 21 no 10 (Oct 97) pp 569–574
[48] ‘The Global Trust Register’ (with B Crispo, JH Lee, C Manifavas, V Matyás and FAPPetitcolas), published by Northgate Consultants, February 1998 (ISBN 0-9532397-0-5);1999 edition published by MIT Press (ISBN 0-262-51105-3)
[49] “On The Limits of Steganography” (with F Petitcolas), in the IEEE Journal on SelectedAreas in Communications, May 1998 – [57] below, pp 474–481
[50] “Attacks on Copyright Marking Systems” (with F Petitcolas and MG Kuhn), in Proceed-ings of the Second International Workshop on Information Hiding (Portland, Apr 98),Springer LNCS vol 1525 pp 219–239
[51] “Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations”, (with MGKuhn) in Proceedings of the Second International Workshop on Information Hiding (Port-land, Apr 98), Springer LNCS vol 1525 pp 126–143
[52] “The Steganographic File System” (with RM Needham and A Shamir), in Proceedingsof the Second International Workshop on Information Hiding (Portland, Apr 98) SpringerLNCS vol 1525 pp 74–84
[53] “Safety and Privacy in Clinical Information Systems”, in ‘Rethinking IT and Health’, JLenaghan (ed.), IPPR (Nov 98) (ISBN 1-86030-077-4) pp 140–160
[54] “Serpent: A New Block Cipher Proposal” (with E Biham and LR Knudsen), in Fast Soft-ware Encryption – proceedings of fifth international workshop (1998), Springer LNCS vol1372 pp 222–238
[55] ‘IEEE Journal on Selected Areas in Communications’, v 16 no 4 (May 1998) joint editor
[56] “On the Security of Digital Tachographs”, in Computer Security – ESORICS 98, SpringerLNCS vol 1485 pp 111–125
[57] “The Systematic Construction of Secret Sharing Schemes with Sparse Access Structures”(with CS Ding, T Helleseth and T Kløve), in ‘Designs, Codes and Cryptography’ v 15 no2 (Nov 1998) pp 111–124
[58] “A New Family of Authentication Protocols” (with F Bergadano, B Crispo, JH Lee, CManifavas and R Needham), in Operating Systems Review v 32 no 4 (Oct 1998) pp 9–20
12
[59] “Serpent: A Proposal for the Advanced Encryption Standard” (with E Biham and LRKnudsen), submitted to NIST as an AES candidate; a short version of the paper appearedat the AES conference, August 1998; both papers available at http://www.cl.cam.ac.uk/~rja14/serpent.html
[60] “Serpent and Smartcards” (with E Biham and LR Knudsen), in the pre-proceedings ofCardis 98; available at http://www.cl.cam.ac.uk/~rja14/serpent.html
[61] “The DeCODE Proposal for an Icelandic Health Database”, produced for the IcelandicMedical Association; part of this was published in Læknablaðið (The Icelandic MedicalJournal) v 84 no 11 (Nov 98) pp 874–5; full text available from http://www.cl.cam.ac.uk/users/rja14/#Med
[62] “The Eternal Resource Locator: An Alternative Means of Establishing Trust on the WorldWide Web” (with FAP Petitcolas and VM Matyas) in Proceedings of the Third USENIXWorkshop on Electronic Commerce pp 141–153
[63] “The Use of Information Retrieval Techniques for Intrusion Detection” (with A Khattak),at ‘Recent Advances in Intrusion Detection’, Louvain-la-Neuve, Sep 98
[64] ‘Health Informatics Journal’ v 4 no 3/4 (December 1998) guest editor
[65] ‘Signature Directive Consultation’ (with C Bowden), result of a consultation exercise car-ried out by the Foundation for Information Policy Research (FIPR) at the request of theEuropean Commission, on the EU Draft Directive on Electronic Signatures (COM1998297 final); full text available from http://www.cl.cam.ac.uk/users/rja14/signaturedoc.html
[66] “Software Piracy Detector Sensing Electromagnetic Computer Emanations” (with MGKuhn), UK patent no GB 2,330,924B, granted 6 August 2003, filed 29 October 1997
[67] “Low Cost Countermeasures Against Compromising Electromagnetic Computer Emana-tions” (with MG Kuhn), UK patent no GB 2333883, granted October 2003; US patentapplication pending
[68] “Safety and privacy in clinical systems: the state of play”, in [64] pp 121–123
[69] “Information technology in medical practice: safety and privacy lessons from the UnitedKingdom”, in Medical Journal of Australia v 170 (15/2/99) pp 181–184
[70] “Jikzi: A New Framework for Secure Publishing”, with JH Lee, in Security Protocols –7th International Workshop (1999), Springer LNCS v 1796 pp 21–47
[71] “The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks”, with F Sta-jano, in Security Protocols – 7th International Workshop (1999), Springer LNCS v 1796pp 172–194
[72] “Evaluation of Copyright Marking Systems”, (with FAP Petitcolas), in Proceedings ofIEEE International Conference on Multimedia Computing & Systems, vol. 1 (7-11 June1999, Florence, Italy) pp 574–579
[73] “Information Hiding – A Survey” (with F Petitcolas and MG Kuhn), in Proceedings of theIEEE v 87 no 7 (July 1999) pp 1062–1077
13
[74] “Murphy’s law, the fitness of evolving species, and the limits of software reliability” (withRM Brady and RC Ball), Computer Laboratory Technical Report no. 471 (September1999)
[75] “Soft Tempest – An Opportunity for NATO” (with MG Kuhn), at Protecting NATO Infor-mation Systems in the 21st century, NATO RTO-MP-27 AC/323(IST)TP/3 pp 5.1–5.5
[76] “The Cocaine Auction Protocol: On the Power of Anonymous Broadcast”, with F Stajano,in Information Hiding – Third International Workshop (1999), Springer LNCS v 1768 pp434–447
[77] “How to Cheat at the Lottery”, Proceedings of the Fifteenth Computer Security Applica-tions Conference (1999) pp xix–xvii
[78] “The Case for Serpent”, with Eli Biham and Lars Knudsen, at Third AES Conference(2000)
[79] ‘The Memorability and Security of Passwords – Some Empirical Results’, with JianxinYan, Alan Blackwell and Alastair Grant, Cambridge University Computer LaboratoryTechnical Report 500 (2000)
[80] “The Correctness of Crypto Transaction Sets”, in Proceedings of Protocols 2000, SpringerLNCS vol 2133 pp 125–141
[81] “The Grenade Timer”, with F Stajano, at 7th International Workshop on Multimedia Mo-bile Communications (MoMoC) (Tokyo, October 2000)
[82] “Jikzi: A New Framework for Security Policy, Trusted Publishing and Electronic Com-merce”, with JH Lee, in Computer Communications v 23 no 17 (1/11/2000) pp 1621–1626
[83] “Digital Signature”, reference section in Encyclopaedia of Computer Science, Fourth Edi-tion, Nature Publishing Group (2000) ISBN 1-561-59248-X pp 581–583
[84] “The XenoService - A Distributed Defeat for Distributed Denial of Service”, with JX Yan,S Early; presented at Information Survivability Workshop, Oct 2000, Boston
[85] “Security Policies”, with F Stajano and JH Lee, in Advances in Computers v 55 pp 185–235 (2001)
[86] “Improving Smartcard Security using Self-timed Circuit Technology”, with Simon Moore,Markus Kuhn; presented at Fourth ACiD-WG Workshop, Grenoble, ISBN 2-913329-44-6,2000
[87] “Undermining data privacy in health information”, in British Medical Journal v 322 (24February 2001) pp 442-443
[88] ‘Security Engineering – A Guide to Building Dependable Distributed Systems’ Wiley(March 2001), ISBN 0-471-38922-6
[89] “API-Level Attacks on Embedded Systems”, with Mike Bond; in IEEE Computer v 34 no10 (October 2001) pp 67-75
[90] “Why Information Security is Hard – An Economic Perspective”, in Proceedings of theSeventeenth Computer Security Applications Conference IEEE Computer Society Press(2001), ISBN 0-7695-1405-7, pp 358–365; also given as a distinguished lecture at theSymposium on Operating Systems Principles, Banff, October 2001
14
[91] “The Resurrecting Duckling: Security Issues for Ubiquitous Computing”, with Frank Sta-jano; in IEEE Computer Security and Privacy inaugural issue – supplement to v 35 no 4(April 2002) pp 22–26
[92] “Improving Smart Card Security using Self-timed Circuits” (with Simon Moore, Paul Cun-ningham, Robert Mullins and George Taylor), at Asynch 2002 best presentation award
[93] “Two Remarks on Public Key Cryptography”, writes up ideas of forward security pre-sented at an invited talk, ACM CCS, Zürich, April 1997; now available as Computer Lab-oratory Technical report no. 549
[94] “Unsettling Parallels Between Security and the Environment”, at Workshop on Eco-nomics and Information Security 2002, at http://www.sims.berkeley.edu/resources/affiliates/workshops/econsecurity/
[95] “Optical Fault Induction Attacks” (with S Skorogbogatov), in Cryptographic Hardwareand Embedded Systems 2002, Springer LNCS vol 2523 pp 2–12, at http://www.cl.cam.ac.uk/~rja14/Papers/faultpap3.pdf
[96] “Security in Open Versus Closed Systems – the Dance of Boltzmann, Coase and Moore”,at Open Source Software Economics 2002, at http://idei.fr/activity.php?r=1898
[97] “On a New Way to Read Data from Memory” (with D Samyde, S Skorogbogatov andJJ Quisquater), in proceedings of first IEEE Security in Storage Workshop, at http://www.cl.cam.ac.uk/~rja14/Papers/SISW02.pdf
[98] “Balanced Self-Checking Asynchronous Logic for Smart Card Applications” (with SimonMoore, Robert Mullins, George Taylor and Jacques Fournier), in Microprocessors andMicrosystems Journal, v 27 no 9 (Oct 2003) pp 421–430
[99] “Security in a digital repository” (with Richard Clayton and Ellis Weinberger), NationalPreservation Office Journal issue 11, October 2002, pp 12–13
[100] “TCPA / Palladium Frequently Asked Questions”, in Computer Security Journal v 18 no3–4, Summer/Fall 2002, pp 63–70; and at http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
[101] “Trusted Computing’ and Competition Policy – Issues for Computing Professionals”, inUpgrade v 4 no 3 (June 2003) pp 35–41; at http://www.upgrade-cepis.org/issues/2003/3/upgrade-vIV-3.html
[102] “Protocol Analysis, Composability and Computation” (with Mike Bond), in ComputerSystems: Papers for Roger Needham, Microsoft Research, Feb 2003, pp 7–10; publishedas Computer Systems: Theory, Technology and Applications, Springer 2003.
[103] “Cryptography and Competition Policy – Issues with ‘Trusted Computing’ ”, at Workshopon Economics and Information Security 2003; also given as the Caroline and EdwardWenk Jr. Lecture in Technology and Public Policy, Johns Hopkins University, 2003; athttp://www.cl.cam.ac.uk/~rja14/Papers/tcpa.pdf
[104] “The Dancing Bear - A New Way of Composing Ciphers”, in Security Protocols – 12thInternational Workshop, Cambridge, UK, 26–28 April 2004; Springer LNCS v 3957 pp231–238
15
[105] “The Economics of Censorship Resistance” (with George Danezis), at Workshop on Eco-nomics of Information Security, Minneapolis, Mn., 13–14 May 2004; journal version inIEEE Security & Privacy v 3 no 1 (2005) pp 45–50 as “The Economics of Resisting Cen-sorship”
[106] “On Dealing with Adversaries Fairly” (with Andrei Serjantov), at Workshop on Eco-nomics of Information Security, Minneapolis, Mn., 13–14 May 2004
[107] “Cryptography and Competition Policy” (book chapter version of [103]) in Economics ofInformation Security, ed. LJ Camp, S Lewis, Kluwer 2004, pp 35–52
[108] “Key Infection: Smart Trust for Smart Dust” (with Haowen Chan and Adrian Perrig), atICNP, Berlin, Germany, 5–8 October 2004 pp 206–215
[109] “Password Memorability and Security: Empirical Results” (with Jianxin Yan, Alan Black-well and Alastair Grant), journal version of [79], in IEEE Security & Privacy, Sep–Oct2004 pp 25–29
[110] ‘EDRI, FIPR and VOSN response to the European commission consultation on the reviewof the “acquis communautaire” in the field of copyright and related rights (with TeresaHackett), October 2004
[111] “User Interface for a Computing Device” (with Alan Blackwell, Jon Crowcroft and StevenMurdoch), UK Patent Application 0426818.1, 7 December 2004
[112] ‘Response to EU consultation on review of copyright law’ (with Teresa Hackett and VolkerGrassmuck), EDRI 2004; at http://www.edri.org/campaigns/copyright
[113] “Chip and Spin” (with Mike Bond and Steven Murdoch), in Computer Security Journal v22 no 2 (2006) pp 1–6, at http://www.chipandspin.co.uk
[114] “System Security for Cyborgs”, in Second International Workshop on Body Sensor Net-works, April 12-13 2005, pp 36-39
[115] “The Initial Costs and Maintenance Costs of Protocols”, in Security Protocols Workshop2005 Springer LNCS v 4631 pp 333–343
[116] “How Much is Location Privacy Worth?” (with George Danezis and Stephen Mur-doch), at Workshop on Economics of Information Security 2005; also at http://www.spiked-online.com/articles/0000000CAC3F.htm
[117] “Open and Closed Source Systems are Equivalent (that is, in an ideal world)”, in Perspec-tives on Free and Open Source Software, MIT Press 2005, pp 127–142
[118] “The Topology of Covert Conflict” (with Shishir Nagaraja), Computer Laboratory Tech-nical Report no. 637 (July 2005); also at Workshop on Economics of Information Security(June 2006)
[119] “Combining cryptography with biometrics effectively” (with Feng Hao and John Daug-man), Computer Laboratory Technical Report no. 640 (July 2005)
[120] “Robbing the bank with a theorem prover” (with Paul Youn, Ben Adida, Mike Bond,Jolyon Clulow, Jonathan Herzog, Amerson Lin and Ron Rivest), Computer LaboratoryTechnical Report no. 644 (August 2005); also at Security Protocols 2007, Springer LNCSv 5964 (2011) pp 171–177
16
[121] “Sybil-Resistant DHT Routing” (with George Danezis, Chris Lesneiwski-Laas and FransKaashoek), in ESORICS 2005, Springer LNCS vol 3769 pp 305–318
[122] “Cryptographic processors – a survey” (with Mike Bond, Jolyon Clulow and Sergei Sko-robogatov), Computer Laboratory Technical Report no. 641 (July 2005), shortened versionin Proc. IEEE v 94 no 2 (Feb 2006) pp 357–369
[123] “The Memorability and Security of Passwords” (with Jianxin Yan, Alan Blackwell andAlastair Grant), book chapter version of [79], in ‘Security and Usability’, O’Reilly (2005)pp 129–142
[124] “Trends in Security Economics” (with Tyler Moore) in European Network and Informa-tion Security Agency Quarterly v 1 no 3 (Dec 2005) pp 6–7
[125] “Phish and Chips” (with Ben Adida, Mike Bond, Jolyon Clulow, Amerson Lin, StevenMurdoch and Ron Rivest), at Security Protocols Workshop, Mar 2006, Springer LNCS vol5087 pp 40–48
[126] “The Man-in-the-Middle Defence”, with Mike Bond, at Security Protocols Workshop,Mar 2006 Springer LNCS vol 5087 pp 153–163
[127] “Combining cryptography with biometrics effectively” (with Feng Hao and John Daug-man), in IEEE Transactions on Computers vol 55 no 9 (Sep 2006) pp 1081–1088
[128] “Protecting Domestic Power-line Communications” (with Richard Newman, ShermanGavette and Larry Yonge), in Symposium On Usable Privacy and Security, CMU (July12–14) 2006 pp 122–132
[129] “Healthcare IT in Europe and North America”, National Audit Office, 2006
[130] ‘FIPR Response to the Home Office: “Consultation on the Revised Statutory Code for Ac-quisition and Disclosure of Communications Data – Chapter II of Part I of the Regulationof Investigatory Powers Act 2000” ’ (with Richard Clayton), September 2006
[131] ‘FIPR Response to the Home Office: “Consultation on the Revised Statutory Code forAcquisition and Disclosure of Communications Data – Part III of the Regulation of Inves-tigatory Powers Act 2000” ’ (with Richard Clayton), September 2006
[132] ‘FIPR Consultation Response on “New Powers Against Organised and Financial Crime”’, October 2006
[133] ‘FIPR Consultation Response on “Personal Internet Security ’, October 2006
[134] “The Economics of Information Security” (with Tyler Moore), in Science v 314 no 5799(27 October 2006) pp 610–613
[135] ‘Children’s Databases – Safety and Privacy’ (with Ian Brown, Richard Clayton, TerriDowty, Douwe Korff and Eileen Munro), Information Commissioner’s Office, November2006
[136] “Under threat: patient confidentiality and NHS computing”, in Drugs and Alcohol Todayv 6 no 4 (Dec 2006) pp 13–17
17
[137] “The Economics of Information Security – A Survey and Open Questions” (with TylerMoore), at Softint 2007 (Jan 19–20, Toulouse); at http://www.cl.cam.ac.uk/~rja14/Papers/toulouse-summary.pdf
[138] “HomePlug AV Security Mechanisms” (with Richard Newman, Sherman Gavette andLarry Yonge), in ISPLC 2007 pp 366–371
[139] “RFID and the Middleman”, in Proceedings of the Eleventh International Conference onFinancial Cryptography and Data Security, February 2007, Springer LNCS v 4886 pp46–49
[140] ‘FIPR Consultation Response on “Framework for Information Assurance” ’, March 2007
[141] ‘FIPR Consultation Response on “The Electronic Patient Record and its Use” ’ (with IanBrown, Douwe Korff, and Fleur Fisher), March 2007
[142] “On the Security of the on EMV Secure Messaging API” (with Ben Adida, Mike Bond,Jolyon Clulow, Amerson Lin and Ron Rivest), at Security Protocols 2007, Springer LNCSv 5964 pp 147–151
[143] “Closing the Phishing Hole – Fraud, Risk and Nonbanks”, at Nonbanks in the PaymentSystem, Santa Fe, NM, May 2007
[144] “New Strategies for Revocation in Ad-Hoc Networks” (with Tyler Moore, Jolyon Clulowand Shishir Nagaraja), in ESAS 2007, Springer LNCS 4572 pp 232–246 (best paper award)
[145] “Information Security Economics – and Beyond” (with Tyler Moore), in Advances inCryptology – Crypto 2007, Springer LNCS 4622, pp 68–91
[146] “Incentives and Information Security” (with Tyler Moore, Shishir Nagaraja and AndyOzment), Algorithmic Mechanism Design, CUP 2007, pp 633–649
[147] “Shifting Borders” (with Steven Murdoch), in Index on Censorship, December 2007
[148] “Dynamic topologies for robust and scale-free networks” (with Shishir Nagaraja), in Bio-inspired Computing and Communication (2007), Springer LNCS v 5151 pp 411–426
[149] “Tools and Technology of Internet Filtering” (with Steven Murdoch), in Access Denied,MIT Press (2008) pp 57–72
[150] FIPR Submission to The Hunt Review of the Financial Ombudsman Service’ (withNicholas Bohm), January 2008
[151] “Patient Confidentiality and Central Databases”, in British Journal of General Practice v58 no 547 (Feb 2008) pp 75–76
[152] ‘Consultation response on The Data Sharing Review’ (with Nicholas Bohm, Terri Dowty,Fleur Fisher, Douwe Korff, Eileen Munro and Martyn Thomas), FIPR, Feb 2008
[153] “Thinking inside the box: system-level failures of tamper proofing” (with Saar Drimerand Steven Murdoch), Computer Lab Technical Report UCAM-CL-TR-711; also at 2008IEEE Symposium on Security and Privacy, pp 281–295; outstanding paper award by IEEESecurity & Privacy Magazine
18
[154] ‘Security Economics and the Internal Market’ (with Rainer Böhme, Richard Clay-ton and Tyler Moore), published by the European Network and Information Secu-rity Agency, March 2008, at http://www.enisa.europa.eu/pages/analys_barr_incent_for_nis_20080306.htm
[155] “Fast exclusion of errant devices from vehicular networks” with Jolyon Clulow, Jean-Pierre Hubaux, Tyler Moore and Panagiotis Papadimitratos, in Fifth Annual IEEE Commu-nications Society Conference on Sensor, Mesh, and Ad Hoc Communications and Networks(SECON 08) pp 135–143
[156] “What Next after Anonymity?” with Steven Murdoch, Security Protocols Workshop 2008,Springer LNCS 6615 pp 220–231
[157] ‘Security Engineering – A Guide to Building Dependable Distributed Systems’, Secondedition, Wiley (April 2008), ISBN 978-0-470-06852-6
[158] “Security Economics and European Policy”, with Rainer Böhme, Richard Clayton andTyler Moore), Workshop on the Economics of Information Security (WEIS 08); shortenedversion in ISSE 2008, Vieweg-Teubner pp 57–76
[159] “Failures on Fraud”, in Speed vol 3 no 2 (Sep 2008) pp 6–7
[160] “Security Economics and European Policy”, (with Rainer Böhme, Richard Clayton andTyler Moore), shorter version of [158]; in proceedings Managing Information Risk and theEconomics of Security, Springer 2008 pp 55–80
[161] “Democracy Theatre: Comments on Facebook’s Proposed Governance Scheme”, (withJoseph Bonneau, Sören Preibusch, Jonathan Anderson and Richard Clayton), submitted toFacebook terms of service consultation, Mar 29 2009, at http://www.cl.cam.ac.uk/~jcb82/2009-03-29-facebook-comments.pdf
[162] ‘Cambridge University – the Unauthorised History’, January 2009, at http://www.cl.cam.ac.uk/~rja14
[163] “The Devil’s flame-thrower”, Times Higher Education Supplement Feb 5, 2009
[164] “What’s academic freedom anyway?”, Oxford Magazine Feb 19, 2009
[165] “Optimised to Fail: Card Readers for Online Banking” (with Saar Drimer and StevenMurdoch), Financial Cryptography and Data Security 09, Springer LNCS 5628, pp 184–200
[166] ‘Database State’ (with Ian Brown, Terri Dowty, William Heath, Philip Inglesant and An-gela Sasse), Joseph Rowntree Reform Trust, March 2009
[167] “The snooping dragon: social-malware surveillance of the Tibetan movement” (withShishir Nagaraja), University of Cambridge technical report UCAM-CL-TR-746, March2009
[168] “Eight Friends Are Enough: Social Graph Approximation via Public Listings” (withJoseph Bonneau, Jonathan Anderson and Frank Stajano), in Proceedings of the SecondACM EuroSys Workshop on Social Network Systems pp 13–18
[169] “The Trust Economy of Brief Encounters”, Security Protocols Workshop 2009, SpringerLNCS v 7028 pp 282–297
19
[170] “Security Economics and Critical National Infrastructure” (with Shailendra Fuloria), atWorkshop on the Economics of Information Security (WEIS 09); in Economics of Infor-mation Security and Privacy (Springer, 2010) pp 55-66
[171] “Information security: where computer science, economics and psychology meet” (withTyler Moore) in Philosophical Transactions of the Royal Society A v 367 no 1898 pp2717–2727
[172] ‘Consultation response on Regulation of Investigatory Powers Act 2000 ConsolidatingOrders and Codes of Practice’ (with Jim Killock), FIPR and ORG, July 2009
[173] ‘Consultation response on Interception Modernisation or “Protecting the Public” ’ (withJim Killock), FIPR and ORG, July 2009
[174] ‘Consultation response on Civil Litigation Costs Review’, FIPR, July 2009
[175] “Certification and Evaluation: A Security Economics Perspective” (with Shailendra Fu-loria), at IEEE Emerging Technologies and Factory Automation (Sep 2009) pp 1–7
[176] “The Economics of Online Crime” (with Tyler Moore and Richard Clayton) in Journal ofEconomic Perspectives v 23 no 3 (2009) pp 3–20
[177] “Failures of Tamper-Proofing in PIN Entry Devices” (with Saar Drimer and Steven Mur-doch), IEEE Security and Privacy v 7 no 6 (Nov-Dec 09) pp 39–45 (journal versionof [153])
[178] “Verified by VISA and MasterCard SecureCode: or, How Not to Design Authentication”(with Steven Murdoch), at Financial Cryptography 2010 Springer LNCS 6052 pp 336–342
[179] “It’s the Anthropology, Stupid!” (with Frank Stajano), at Security Protocols Workshop2010 Springer LNCS 7061 pp 127–141
[180] “Chip and Pin is Broken” (with Steven Murdoch, Saar Drimer and Mike Bond), at IEEESymposium on Security and Privacy (2010) pp 433–444 (outstanding paper award)
[181] “On the Security of Internet Banking in South Korea” (with Hyoungshick Kim and JunHo Huh), Oxford University Computer Lab Technical Report RR–10–01, March 2010
[182] “On the security economics of electricity metering” (with Shailendra Fuloria), at Work-shop on the Economics of Information Security (WEIS 10)
[183] “Key Management for Substations: Symmetric Keys, Public Keys or No Keys?” (withShailendra Fuloria, Kevin McGrath, Kai Hansen and Fernando Alvarez), at IEEE PowerSystems Conference and Exhibition (PSCE 2010)
[184] “Who controls the off switch?” (with Shailendra Fuloria), at IEEE SmartGridComm(NIST, October 2010)
[185] “Might Financial Cryptography Kill Financial Innovation? – The Curious Case of EMV”(with Mike Bond, Omar Choudary, Steven Murdoch and Frank Stajano), at FinancialCryptography 2011, Springer LNCS 7035 pp 220–234
[186] “Can We Fix the Security Economics of Federated Authentication?”, at Security ProtocolsWorkshop 2011 Springer LNCS 7111 pp 25–48
20
[187] ‘Resilience of the Internet Interconnection Ecosystem’ (with Panagiotis Trimintzios, ChrisHall, Richard Clayton and Evangelos Ouzounis), European Network and Information Se-curity Agency, April 2011; abridged version published at WEIS 2011, Economics of Infor-mation Security and Privacy III (Springer 2013) pp 119–148
[188] “Economics and Internet Security: a Survey of Recent Analytical, Empirical and Behav-ioral Research” (with Tyler Moore), Harvard University Computer Science Group techni-cal report TR-03-11, 2011; also published as “Internet Security” in The Oxford Handbookof the Digital Economy pp 572–599 (OUP, 2012)
[189] “Towards a security architecture for substations” (with Shailendra Fuloria), IEEE PES –ISGT Europe pp 1–6 (2011)
[190] “Centrality prediction in dynamic human contact networks” (with Hyoungshick Kim,John Tang and Cecilia Mascolo), in Computer Networks v 56, Special issue on ComplexDynamic Networks: Tools and Methods (2012) pp 983–996
[191] “Temporal node centrality in complex networks” (with Hyoungshick Kim), Phys Rev E v85 026107 (2012)
[192] “A birthday present every eleven wallets?” (with Joe Bonneau), at Financial Cryptogra-phy 2012 Springer LNCS v 7397 pp 25–40
[193] “Social Authentication – harder than it looks” (with Hyoungshick Kim), at FinancialCryptography 2012 Springer LNCS v 7397 pp 1–15
[194] “Ethics Committees and IRBs: Boon, or Bane, or More Research Needed?”, at FinancialCryptography 2012 Springer LNCS v 7398 pp 133–5
[195] “Risk and privacy implications of consumer payment innovation”, in Consumer PaymentInnovation in the Connected Age, Kansas City Fed, March 2012, at https://www.kansascityfed.org/publications/research/pscp/pscp-2012.cfm
[196] “Measuring the Cost of Cybercrime” (with Chris Barton, Rainer Böhme. Richard Clayton,Michel van Eeten, Michael Levi, Tyler Moore and Stefan Savage), at the Workshop on theEconomics of Information Security 2012; in The Economics of Information Security andPrivacy (Springer 2013) pp 265–300
[197] “CHERI: a research platform deconflating hardware virtualization and protection” (withRobert Watson, Peter Neumann, Jonathan Woodruff, Jonathan Anderson, Nirav Dave, BenLaurie, Simon Moore, Steven Murdoch, Philip Paeps, Michael Roe and Hassen Saidi), atRESoLVEâAZ12 (Mar 3, 2012)
[198] Consultation response on ‘Making Open Data Real’, Foundation for Information PolicyResearch, October 2011, published August 2012
[199] Consultation response on ‘ICO Draft Anonymisation Code of Practice’, Foundation forInformation Policy Research, August 2012
[200] “Aurasium: Practical Policy Enforcement in Android Applications” (with Rubin Xu andHassen Saidi), at Usenix 2012
[201] “How Certification Systems Fail: Lessons from the Ware Report” (with Steven Murdochand Mike Bond), IEEE Security and Privacy, June 2012 pp 40–44
21
[202] “Chip and Skim: cloning EMV cards with the pre-play attack”(with Mike Bond, OmarChoudary, Steven Murdoch and Sergei Skorobogatov), a rXiv:0547955, Sep 2012
[203] “Smart Metering – Ed Milliband’s Poisoned Chalice” (with Alex Henney), submitted toDECC (2012), and at http://www.lightbluetouchpaper.org
[204] “Why quantum computing is hard – and quantum cryptography is not provably secure”(with Robert Brady), arXiv:1301.7351, Jan 2013
[205] “Authentication for Resilience: The Case of SDN” (with Dongting Yu, Andrew Mooreand Chris Hall), in Security Protocols Workshop 2013 Springer LNCS 8263 pp 39–53
[206] “An Experimental Evaluation of Robustness of Networks” (with Hyoungshick Kim), inIEEE Systems Journal – Special Issue on Security and Privacy in Complex Systems v 7 no2 (June 2013) pp 179–188
[207] “Violation of Bell’s inequality in fluid mechanics” (with Robert Brady, arXiv:1305.6822,May 2013
[208] “Rendezvous: A Search Engine for Binary Code” (with Wei-Ming Khoo and Alan My-croft) at MSR 2013 pp 329–338
[209] “PIN Skimmer: Inferring PINs Through The Camera and Microphone” (with LaurentSimon), at Third ACM workshop on Security and privacy in smartphones & mobile devices(SPSM 2013) pp 67–78
[210] “Reading this may harm your computer – The psychology of malware warnings” (withDavid Modic), SSRN 2374379 (Jan 3 2014)
[211] “Why bouncing droplets are a pretty good model of quantum mechanics” (with RobertBrady), arXiv:1401.4356, Jan 2014
[212] “Security protocols and evidence: where many payment systems fail” (with Steven Mur-doch), at Financial Cryptography 2014, Springer LNCS 8437 pp 21–32
[213] “Collaborating with the enemy on network management” (with Chris Hall, Dongting Yu,Zhu-Li Zhang, Jonathan Stout, Andrew Odlyzko, Andrew Moore, Jean Camp and KevinBenton) at Security Protocols Workshop 2014 Springer LNCS v 8809 pp 154–171
[214] “Chip and Skim: Cloning EMV Cards with the Pre-Play Attack” (with Mike Bond, OmarChoudary, Steven Murdoch and Sergei Skorobogatov) at IEEE Security and Privacy 2014(updated version of [202])
[215] “Privacy versus government surveillance – where network effects meet public choice” atWorkshop on the Economics of Information Security 2014
[216] “Experimental Measurement of Attitudes Regarding Cybercrime” (with James Graves andAlessandro Acquisti), at Workshop on the Economics of Information Security 2014
[217] “We Will Make You Like Our Research: The Development of a Susceptibility-to-Persuasion Scale” (with David Modic), SSRN 2446971 (April 21 2014)
[218] “EMV: Why Payment Systems Fail” (with Steven Murdoch), in Communications of theACM v 57 no 6 (June 2014) pp 24–28
22
[219] “To freeze or not to freeze – A motion-capture approach to detecting deceit” (with Sophievan der Zee, Ronald Poppe and Paul Taylor), in Rapid Screening Technologies, DeceptionDetection and Credibility Assessment Symposium, HICSS 2015
[220] “Mining Bodily Cues to Deception” (with Ronald Poppe, Sophie van der Zee, Paul Taylorand Remco Veltkamp), in Rapid Screening Technologies, Deception Detection and Credi-bility Assessment Symposium, HICSS 2015
[221] ‘The collection, linking and use of data in biomedical research and health care: eth-ical issues’ (with Martin Richards, Stephen Hinde, Jane Kaye, Anneke Lucassen, PaulMatthews, Michael Parker, Margaret Shotter, Geoff Watts, Susan Wallace and John Wise),Nuffield Bioethics Council, Feb 2015
[222] “Maxwell’s fluid model of magnetism” (with Robert Brady), Arxiv 1502.05926
[223] “He Who Pays The AI, Calls The Tune”, in What do you think about machines that think?,Edge, 2015; at https://www.edge.org/response-detail/26069
[224] “Be Prepared: The EMV Pre-play Attack” (with Mike Bond, Marios Chaudary and SergeiSkorobogatov), in IEEE Security and Privacy Magazine (Mar 2015) pp 56–64
[225] “Security Analysis of Factory Resets” (with Laurent Simon), at Mobile Security Tech-nologies (MoST) 2015
[226] “Security Analysis of Consumer-Grade Anti-Theft Solutions Provided by Android MobileAnti-Virus Apps” (with Laurent Simon), at Mobile Security Technologies (MoST) 2015
[227] “What goes around comes around”, in Privacy in the Modern Age: The Search for Solu-tions, EPIC (2015)
[228] “Do You Believe in Tinker Bell? The Social Externalities of Trust” (with Khaled Baqer),in Protocols Workshop 2015 Springer LNCS 9379 pp 224–246
[229] “Keys Under Doormats: Mandating insecurity by requiring government access to alldata and communications” (with Hal Abelson, Steve Bellovin, Josh Benaloh, Matt Blaze,Whit Diffie, John Gilmore, Matt Green, Susan Landau, Peter Neumann, Ron Rivest, JeffSchiller, Bruce Schneier, Michael Specter and Danny Weitzner), MIT CSAIL Tech Re-port 2015-026 (July 6, 2015); also in Journal of Cybersecurity (2015); abridged version inCommunications of the ACM v 58 no 10 (Oct 2015) (winner of JD Falk award)
[230] “It’s All Over but the Crying: The Emotional and Financial Impact of Internet Fraud”(with David Modic), IEEE Security & Privacy v 13 no 5 (2015) pp 99–103
[231] “Are Payment Card Contracts Unfair?” (with Steven Murdoch, Ingolf Becker, Ruba Abu-Salma, Nicholas Bohm, Alice Hutchings, Angela Sasse, and Gianluca Stringhini), at Fi-nancial Cryptography 2016, Springer LNCS v 9603 pp 600–608
[232] “SMAPs: Short Message Authentication Protocols” (with Khaled Baqer, JohannBezuidenhoudt and Markus Kuhn) in Security Protocols 2016, Springer LNCS v 10368
[233] “Don’t Interrupt Me While I Type: Inferring Text Entered Through Gesture Typing onAndroid Keyboards” (with Laurent Simon and Wenduan Xu), PETS 2016
23
[234] “When Lying Feels the Right Thing to Do” (with Sophie van der Zee and Ronald Poppe),Frontiers in Psychology, 2 June 2016; reprinted as a chapter in Dishonest Behavior: FromTheory to Practice, Frontiers in Psychology ebook (2017), edited by Guy Hochman, Sha-har Ayal and Dan Ariely, pp 74–86
[235] “Taking Down Websites to Prevent Crime” (with Alice Hutchings and Richard Clayton),APWG eCrime 2016 pp 102–111
[236] “International Comparison of Bank Fraud Reimbursement: Customer Perceptions andContractual Terms” (with Ingolf Becker, Alice Hutchings, Ruba Abu-Salma, NicholasBohm, Steven Murdoch, Angela Sasse and Gianluca Stringhini), at WEIS 2016
[237] “Replacing Magic With Mechanism?”, in What do you consider the most interestign re-cent [scientific] news? What makes it important?, Edge, 2016; at https://www.edge.org/response-detail/26757
[238] “Brexit and technology: How network effects will damage UK IT industry”, ComputerWeekly, 20 June 2016
[239] “What would Brexit really mean for Cambridge”, in Cambridge News, 21st June 2016; athttp://www.lightbluetouchpaper.org
[240] “Apple’s Cloud Key Vault, Exceptional Access, and False Equivalences” (with HaroldAbelson, Steve Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore,Matthew Green, Susan Landau, Peter Neumann, Ron Rivest, Jeff Schiller, Bruce Schneier,Michael Specter and Daniel J.Weitzner), Lawfare, September 7th 2016
[241] “Hard Newcap or Soft Newcap? A Christmas Fable”, 21 Dec 2016, at http://www.lightbluetouchpaper.org
[242] “Reconciling Multiple Objectives – Politics or Markets?” (with Khaled Baqer) in SecurityProtocols 2017
[243] “De-Anonymization”, in What scientific term or concept ought to be more widely known?,Edge, 2017; at https://www.edge.org/response-detail/27195
[244] “DigiTally: Piloting Offline Payments for Phones” (with Khaled Baqer, Lorna Mutegi,Jeunese Adrienne Payne and Joseph Sevilla), in the procedings of the Symposium on Us-ability and Privacy (SOUPS) 2017, pp 131–143
[245] “Standardisation and Certification of the Internet of Things” (with Eireann Leverett andRichard Clayton), Workshop on the Economics of Information Security (2017) – abridgedversion of [246]
[246] “Standardisation and Certification of Safety, Security and Privacy in the In-ternet of Things” (with Èireann Leverett and Richard Clayton), EuropeanUnion (written 2016; dated 2017; actually published 2018), https://publications.europa.eu/en/publication-detail/-/publication/80bb1618-16bb-11e8-9253-01aa75ed71a1/language-en
[247] “International comparison of bank fraud reimbursement: customer perceptions and con-tractual terms” (with Ingolf Becker, Alice Hutchings, Ruba Abu-Salma, Nicholas Bohm,Steven Murdoch, Angela Sasse and Gianluca Stringhini), in Journal of Cybersecurity v 3no 2 (June 2017 – journal version of [236])
24
[248] “The Threat – A Conversation with Ross Anderson”, Edge, Oct 25 2017; at https://www.edge.org/conversation/ross_anderson-the-threat
[249] “Perception Versus Punishment in Cybercrime” (with Jim Graves and Alessandro Ac-quisti) in Journal of Criminal Law and Criminology v 109 (2018)
[250] “Making Security Sustainable”, in Communications of the ACM v 61 no 3 (Mar 2018) pp24–26
[251] “Making Bitcoin Legal” (with Ilia Shumailov and Amnsoor Ahmed), in Security Proto-cols XXVI, LNCS v 11286 (2018) pp 243–265
[252] “What you get is what you C: controlling side-effects in mainstream C compilers” (withLaurent Simon and David Chisnall), at IEEE European Symposium on Security and Pri-vacy (2018)
[253] “We Will Make You Like Our Research: The Development of a Susceptibility-to-Persuasion Scale” (with David Modic and Jussi Palomäki), in PLOS One v 13 no 3 (March15 2018 – journal version of [217])
[254] “Making security sustainable”, in Communications of the ACM v 61 no 3 (March 2018),pp 24–26
[255] “Bitcoin Redux” (with Ilia Shumailov, Amnsoor Ahmed and Alessandro Rietmann), inWorkshop on the Economics of Information Security (2018)
[256] “Privacy for Tigers”, invited talk at Usenix Security 2018, at https://www.usenix.org/presentation/anderson
[257] “To compress or not to compress: Understanding the Interactions between AdversarialAttacks and Neural Network Compression” (with Yiren Zhao, Ilia Shumailov and RobertMullins), arXiv:1810.00208, Sep 2018; accepted at SysML 2019
[258] “Letter regarding the Telecommunications and Other Legislation Amendment (Assistanceand Access) Bill 2018” (with H Abelson, R Barnes, X Boyen, A Cooper, C Culane, R Gore,B Laurie, PG Neumann, M Nottingham, J Pieprzyk, R Rivest, B Schneier, J Schiller, MSPecter, V Teague, Y Yarom, DJ Weitzner), 14 Nov 2018
[259] “The Taboo Trap: Behavioural Detection of Adversarial Samples” (with Ilia Shumailov,Yiren Zhao and Robert Mullins), arXiv:1811.07375, Nov 2018
[260] “Tendrils of Crime: Visualizing the Diffusion of Stolen Bitcoins” (with Mansoor Ahmedand Ilia Shumailov), arXiv:1901.01769, Jan 2019
[261] “Sitatapatra: Blocking the Transfer of Adversarial Samples” (with Ilia Shumailov, XitongGao, Yiren Zhao, Robert Mullins and Cheng-Zhong Xu) arXiv:1901.08112, Jan 2019
25